PT-2026-22400 · Pypi+1 · Pypdf+1

Bugbunny-Research · Published 2026-02-27 · Updated 2026-05-04 · CVE-2026-28351

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

pypdf versions prior to 6.7.4

Description

The pypdf library is susceptible to a resource exhaustion issue. An attacker can create a specially crafted PDF file that causes excessive memory usage when processed using the RunLengthDecode filter. This can lead to a denial-of-service condition.

Recommendations

Versions prior to 6.7.4 should be upgraded to version 6.7.4 or later. As a temporary workaround, consider applying the changes from PR #3664.
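
To illustrate the resource-exhaustion pattern in the description, here is an added example (not pypdf's code and not the change in PR #3664): a RunLengthDecode decoder, following the run encoding in the PDF specification, that enforces an output budget before growing its buffer. `MAX_OUTPUT`, `OutputLimitExceeded` and `run_length_decode` are hypothetical names, and the sample inputs are constructed.

```python
# Added illustration: RunLengthDecode with an output cap.
# Not pypdf's implementation; names and the limit value are assumptions.

EOD = 128               # end-of-data marker defined by the filter
MAX_OUTPUT = 1_000_000  # hypothetical per-stream budget in bytes


class OutputLimitExceeded(ValueError):
    """Decoded data would exceed the caller's budget."""


def run_length_decode(data: bytes, max_output: int = MAX_OUTPUT) -> bytes:
    out = bytearray()
    i = 0
    while i < len(data):
        length = data[i]
        i += 1
        if length == EOD:
            break
        if length < EOD:
            # Literal run: copy the next length+1 bytes unchanged.
            chunk = data[i:i + length + 1]
            if len(chunk) != length + 1:
                raise ValueError("truncated literal run")
            i += length + 1
        else:
            # Repeat run: one byte expands to 257-length bytes (2..128),
            # so two input bytes can produce up to 128 output bytes.
            if i >= len(data):
                raise ValueError("truncated repeat run")
            chunk = data[i:i + 1] * (257 - length)
            i += 1
        # Enforce the budget before the buffer grows, not after decoding.
        if len(out) + len(chunk) > max_output:
            raise OutputLimitExceeded(
                f"decoded size exceeds {max_output} bytes at input offset {i}"
            )
        out += chunk
    return bytes(out)


if __name__ == "__main__":
    # Constructed samples: a small well-formed stream, then repeat runs only.
    print(run_length_decode(b"\x02abc\xfeZ\x80"))  # literal "abc" + "Z" * 3
    expanding = bytes([129, 0]) * 100 + b"\x80"    # 201 bytes in, 12800 out
    try:
        run_length_decode(expanding, max_output=1024)
    except OutputLimitExceeded as exc:
        print("rejected:", exc)
```

The same budget should cover the whole filter chain of a stream, since a stream can pass through more than one decode filter.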

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2026-02550
CVE-2026-28351
GHSA-F2V5-7JQ9-H8CG
OPENSUSE-SU-2026:10277-1

Affected Products

Red Os
Pypdf